3.13 Exemption of Users from Oracle Data Redaction Policies

You can exempt users from having Oracle Data Redaction policies applied to the data they access.

To do so, you should grant the users the EXEMPT REDACTION POLICY system or schema privilege. Grant this privilege to trusted users only.

In addition to users who were granted this privilege, user SYS is also exempt from all Data Redaction policies. The person who creates the Data Redaction policy is by default not exempt from it, unless this person is user SYS or has the EXEMPT REDACTION POLICY system or schema privilege.

Note the following:

  • The EXEMPT REDACTION POLICY system or schema privilege, when granted to a user or role on a schema, enables the grantee to bypass any existing Oracle Data Redaction policies. This user will be able to view the actual data from tables or views on which Data Redaction policies are defined in the schema.

  • Users who have the INSERT privilege on a table can insert values into a redacted column, regardless of whether a Data Redaction policy exists on the table. Data Redaction only affects SQL SELECT statements (that is, queries) issued by a user, and has no effect on any other SQL issued by a user, including INSERT, UPDATE, MERGE, or DELETE statements. (See the next bullet for exceptions to this rule.)

  • Users cannot perform a CREATE TABLE AS SELECT where any of the columns being selected (source columns) is protected by a Data Redaction policy (and similarly, any DML operation like INSERT-SELECT, UPDATE, MERGE, or DELETE statements where the source column is a redacted column), unless the user was granted the EXEMPT REDACTION POLICY system or schema privilege.

  • The EXEMPT REDACTION POLICY system privilege is included in the DBA role, because the DBA role contains the EXP_FULL_DATABASE role, which is granted the EXEMPT REDACTION POLICY system privilege. The privilege is granted to the EXP_FULL_DATABASE role so that data protected by one or more redaction policies can be exported. Otherwise, this privilege must be granted to users explicitly.
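The grants described above, together with the audit queries a DBA would run to find every account that bypasses redaction (including accounts that inherit the privilege through the DBA or EXP_FULL_DATABASE roles), as an added example that is not part of the Oracle documentation. The user names EXPORT_SVC and HR_ANALYST and the schema HR are assumed; the ON SCHEMA form and the DBA_SCHEMA_PRIVS view are assumed to be available as in Oracle Database 23ai.

```sql
-- System privilege: EXPORT_SVC (assumed user) bypasses every Data Redaction
-- policy in the database. Grant to trusted accounts only.
GRANT EXEMPT REDACTION POLICY TO export_svc;

-- Schema privilege: HR_ANALYST (assumed user) bypasses only the policies
-- defined on tables and views in schema HR (assumed schema).
GRANT EXEMPT REDACTION POLICY ON SCHEMA hr TO hr_analyst;

-- Audit 1: direct holders of the system privilege. Roles such as
-- EXP_FULL_DATABASE appear here as grantees, not only users.
SELECT grantee, admin_option
  FROM dba_sys_privs
 WHERE privilege = 'EXEMPT REDACTION POLICY';

-- Audit 2: users who inherit the system privilege through a role chain,
-- e.g. user -> DBA -> EXP_FULL_DATABASE -> EXEMPT REDACTION POLICY.
-- Start from roles that hold the privilege directly and walk the
-- role-to-grantee graph with CONNECT BY; keep only rows where the
-- grantee is a user rather than another role.
SELECT DISTINCT grantee AS exempt_user
  FROM dba_role_privs
 WHERE grantee IN (SELECT username FROM dba_users)
 START WITH granted_role IN (SELECT grantee
                               FROM dba_sys_privs
                              WHERE privilege = 'EXEMPT REDACTION POLICY')
CONNECT BY PRIOR grantee = granted_role;

-- Audit 3: schema-scoped exemptions (assumed view DBA_SCHEMA_PRIVS, 23ai).
SELECT grantee, schema, admin_option
  FROM dba_schema_privs
 WHERE privilege = 'EXEMPT REDACTION POLICY';

-- Remove an exemption that is no longer needed.
REVOKE EXEMPT REDACTION POLICY FROM export_svc;
REVOKE EXEMPT REDACTION POLICY ON SCHEMA hr FROM hr_analyst;
```

Run the three audit queries as a user with SELECT on the DBA_* views (for example, one holding the SELECT_CATALOG_ROLE role) and reconcile the result with the list of accounts that are expected to see unredacted data; SYS is exempt regardless and will not appear in these results.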